[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jan 30 20:10:31 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9229fd15 by security tracker role at 2023-01-30T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,83 @@
-CVE-2023-24830
+CVE-2023-24831
+	RESERVED
+CVE-2023-24828
+	RESERVED
+CVE-2023-24827
+	RESERVED
+CVE-2023-24826
+	RESERVED
+CVE-2023-24825
+	RESERVED
+CVE-2023-24824
+	RESERVED
+CVE-2023-24823
+	RESERVED
+CVE-2023-24822
+	RESERVED
+CVE-2023-24821
+	RESERVED
+CVE-2023-24820
+	RESERVED
+CVE-2023-24819
+	RESERVED
+CVE-2023-24818
+	RESERVED
+CVE-2023-24817
+	RESERVED
+CVE-2023-24816
+	RESERVED
+CVE-2023-24815
+	RESERVED
+CVE-2023-24814
+	RESERVED
+CVE-2023-24813
+	RESERVED
+CVE-2023-24812
+	RESERVED
+CVE-2023-24811
+	RESERVED
+CVE-2023-24810
+	RESERVED
+CVE-2023-24809
+	RESERVED
+CVE-2023-24808
+	RESERVED
+CVE-2023-24807
+	RESERVED
+CVE-2023-24806
+	RESERVED
+CVE-2023-24805
+	RESERVED
+CVE-2023-24804
+	RESERVED
+CVE-2023-0584
+	RESERVED
+CVE-2023-0583
+	RESERVED
+CVE-2023-0582
+	RESERVED
+CVE-2023-0581 (The PrivateContent plugin for WordPress is vulnerable to protection me ...)
+	TODO: check
+CVE-2023-0580
+	RESERVED
+CVE-2023-0579
+	RESERVED
+CVE-2023-0578
+	RESERVED
+CVE-2023-0577
+	RESERVED
+CVE-2023-0576
+	RESERVED
+CVE-2023-0575
+	RESERVED
+CVE-2023-0574
+	RESERVED
+CVE-2022-48305
+	RESERVED
+CVE-2023-24830 (Improper Authentication vulnerability in Apache Software Foundation Ap ...)
 	NOT-FOR-US: Apache IoTDB
 CVE-2023-24829
+	RESERVED
 	NOT-FOR-US: Apache IoTDB
 CVE-2023-24803
 	RESERVED
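Review bot: CVE-2023-0581 is left at "TODO: check" even though its description already identifies a WordPress plugin (PrivateContent); by the convention used elsewhere in this file (see the CVE-2022-4329 and CVE-2022-3989 entries, "NOT-FOR-US: WordPress plugin") it should resolve to that annotation at the next manual triage pass. The rest of the hunk is consistent: CVE-2023-24830 moves from the head of the list to the position directly above its existing "NOT-FOR-US: Apache IoTDB" annotation now that the Improper Authentication description has been published, and CVE-2023-24829 gains a RESERVED line above its pre-existing NOT-FOR-US note, so both Apache IoTDB entries keep their triage state. The new RESERVED placeholders for CVE-2023-24804 through CVE-2023-24831, CVE-2023-0574 through CVE-2023-0584 and CVE-2022-48305 carry no description yet and need nothing until one is assigned.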
@@ -3656,8 +3733,7 @@ CVE-2023-22283
 	RESERVED
 CVE-2023-22281
 	RESERVED
-CVE-2023-0266 [ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF]
-	RESERVED
+CVE-2023-0266 (A use after free vulnerability exists in the ALSA PCM package in the L ...)
 	{DSA-5324-1}
 	- linux 6.1.7-1
 	NOTE: https://git.kernel.org/linus/56b88b50565cd8b946a2d00b0c83927b7ebb055e
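Review bot: replacing the bracketed working title "[ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF]" with the published description drops the upstream commit subject from the entry line, but the NOTE pointing at the git.kernel.org commit 56b88b50565c... still identifies the fix, so nothing has to be re-added. Removing the RESERVED line at the same time is correct: the entry already carries {DSA-5324-1} and the 6.1.7-1 fixed version, and a RESERVED marker on an issue that has shipped as a DSA would have been inconsistent.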
@@ -3807,8 +3883,8 @@ CVE-2023-0242 (Rapid7 Velociraptor allows users to be created with different pri
 	NOT-FOR-US: Rapid7
 CVE-2023-0241
 	RESERVED
-CVE-2023-0240
-	RESERVED
+CVE-2023-0240 (There is a logic error in io_uring's implementation which can be used  ...)
+	TODO: check
 CVE-2023-0239
 	RESERVED
 CVE-2023-0238
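Review bot: CVE-2023-0240 describes a logic error in io_uring, which is a Linux kernel subsystem, so the "TODO: check" placed by the automatic update will need to become a "- linux" entry with the fixing upstream commit recorded in a NOTE line, in the same shape as the CVE-2023-0266 entry above; it should not stay at TODO next to kernel issues that already carry fixed versions and DSA references.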
@@ -12926,7 +13002,7 @@ CVE-2022-4329 (The Product list Widget for Woocommerce WordPress plugin through
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4328
 	RESERVED
-CVE-2022-4327 (The Anti-Malware Security and Brute-Force Firewall WordPress plugin th ...)
+CVE-2022-4327 (This issue does not bear any security risk as it's only exploitable by ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4326 (Improper preservation of permissions vulnerability in Trellix Endpoint ...)
 	NOT-FOR-US: Trellix Endpoint Agent (xAgent)
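Review bot: the replacement description for CVE-2022-4327 ("This issue does not bear any security risk as it's only exploitable by ...") reads like a dispute or withdrawal statement rather than a vulnerability summary, and it no longer names the affected product, whereas the old line identified the Anti-Malware Security and Brute-Force Firewall WordPress plugin. Keeping "NOT-FOR-US: WordPress plugin" is still right, but this ID is worth watching: if it is moved to REJECTED upstream, a later automatic update will change the entry's status line and the NOT-FOR-US annotation will then be redundant.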
@@ -15100,8 +15176,8 @@ CVE-2022-46089
 	RESERVED
 CVE-2022-46088
 	RESERVED
-CVE-2022-46087
-	RESERVED
+CVE-2022-46087 (CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A norm ...)
+	TODO: check
 CVE-2022-46086
 	RESERVED
 CVE-2022-46085
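Review bot: CVE-2022-46087 (CloudSchool v3.0.1 cross-site scripting) only needs a product check; unless a Debian source package for CloudSchool can be identified, the "TODO: check" should resolve to a NOT-FOR-US line naming CloudSchool, following the pattern used for the other third-party web applications in this file.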
@@ -15814,8 +15890,8 @@ CVE-2022-45790
 	RESERVED
 CVE-2022-45789
 	RESERVED
-CVE-2022-45788
-	RESERVED
+CVE-2022-45788 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+	TODO: check
 CVE-2022-45787 (Unproper laxist permissions on the temporary files used by MIME4J Temp ...)
 	NOT-FOR-US: Apache James
 CVE-2022-45786
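Review bot: the truncated description of CVE-2022-45788 names only the weakness class (CWE-754: Improper Check for Unusual or Exceptional Conditions) and not the affected product, so the entry cannot be triaged from this line alone; the full description has to be read before the "TODO: check" can be replaced with either a package entry or a NOT-FOR-US annotation.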
@@ -17607,8 +17683,8 @@ CVE-2022-3992 (A vulnerability classified as problematic was found in SourceCode
 	NOT-FOR-US: SourceCodester Sanitization Management System
 CVE-2022-3991 (The Photospace Gallery plugin for WordPress is vulnerable to Stored Cr ...)
 	NOT-FOR-US: Photospace Gallery plugin for WordPress
-CVE-2022-3990
-	RESERVED
+CVE-2022-3990 (HPSFViewer might allow Escalation of Privilege. This potential vulnera ...)
+	TODO: check
 CVE-2022-3989 (The Motors WordPress plugin before 1.4.4 does not properly validate up ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3988 (A vulnerability was found in Frappe. It has been rated as problematic. ...)
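Review bot: CVE-2022-3990 names HPSFViewer as the component that "might allow Escalation of Privilege"; no Debian source package corresponds to that name, so this "TODO: check" is a candidate for a NOT-FOR-US annotation naming the vendor, in the same way the surrounding WordPress plugin entries are handled.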
@@ -27829,8 +27905,8 @@ CVE-2022-42491 (Several OS command injection vulnerabilities exist in the m2m bi
 	TODO: check
 CVE-2022-42490 (Several OS command injection vulnerabilities exist in the m2m binary o ...)
 	TODO: check
-CVE-2022-42484
-	RESERVED
+CVE-2022-42484 (An OS command injection vulnerability exists in the httpd logs/view.cg ...)
+	TODO: check
 CVE-2022-42483
 	RESERVED
 CVE-2022-42482
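Review bot: CVE-2022-42484 (OS command injection in the httpd logs/view.cgi functionality) sits beside CVE-2022-42490 and CVE-2022-42491, which describe OS command injection in an "m2m binary" and are likewise still at "TODO: check"; these read as one batch of advisories against the same device firmware and should be triaged together so all three receive the same annotation, rather than being resolved one at a time as each description is published.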
@@ -27883,8 +27959,8 @@ CVE-2022-41154 (A directory traversal vulnerability exists in the m2m DELETE_FIL
 	TODO: check
 CVE-2022-40222 (An OS command injection vulnerability exists in the m2m DELETE_FILE cm ...)
 	TODO: check
-CVE-2022-38451
-	RESERVED
+CVE-2022-38451 (A directory traversal vulnerability exists in the httpd update.cgi fun ...)
+	TODO: check
 CVE-2022-38091
 	RESERVED
 CVE-2022-3429
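Review bot: CVE-2022-38451 (directory traversal in the httpd update.cgi functionality) belongs to the same family as the adjacent CVE-2022-41154 and CVE-2022-40222 (m2m DELETE_FILE) and the httpd/m2m entries in the previous hunk, all at "TODO: check". One triage pass over the whole set is preferable, and the "httpd" wording in these descriptions refers to the device's embedded web server and should not be mistaken for Apache httpd (src:apache2) when the TODO is resolved.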
@@ -34336,20 +34412,24 @@ CVE-2022-3134 (Use After Free in GitHub repository vim/vim prior to 9.0.0389. ..
 CVE-2022-39959 (Panini Everest Engine 2.0.4 allows unprivileged users to create a file ...)
 	NOT-FOR-US: Panini Everest Engine
 CVE-2022-39958 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a response bo ...)
+	{DLA-3293-1}
 	- modsecurity-crs 3.3.4-1 (bug #1021137)
 	[bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release)
 	NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
 CVE-2022-39957 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a response bo ...)
+	{DLA-3293-1}
 	- modsecurity-crs 3.3.4-1 (bug #1021137)
 	[bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release)
 	NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
 CVE-2022-39956 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rul ...)
+	{DLA-3293-1}
 	- modsecurity-crs 3.3.4-1 (bug #1021137)
 	[bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release)
 	NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
 	NOTE: Depends on changes to be done in src:libmodsecurity3 / src:modsecurity-apache, cf.
 	NOTE: https://bugs.debian.org/1020303
 CVE-2022-39955 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rul ...)
+	{DLA-3293-1}
 	- modsecurity-crs 3.3.4-1 (bug #1021137)
 	[bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release)
 	NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
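Review bot: adding {DLA-3293-1} to CVE-2022-39956 deserves a second look, because that entry's NOTE lines say the fix "Depends on changes to be done in src:libmodsecurity3 / src:modsecurity-apache, cf. https://bugs.debian.org/1020303". If the DLA updated only modsecurity-crs, the entry should record whether the engine-side change was also shipped for buster or whether the DLA reference is only a partial fix; the other three CRS entries in this hunk (CVE-2022-39955, CVE-2022-39957, CVE-2022-39958) carry no such dependency and the DLA reference is straightforward there. The "[bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release)" lines are unaffected by a buster DLA and correctly stay in place.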
@@ -37578,8 +37658,8 @@ CVE-2022-2989 (An incorrect handling of the supplementary groups in the Podman c
 	NOTE: https://github.com/containers/podman/pull/15696
 	NOTE: https://github.com/containers/podman/commit/21540161f20daffd884eba99b2cc31373c9a0ec4 (v4.2.0-rhel)
 	NOTE: https://github.com/containers/podman/commit/5c7f28336171f0a5137edd274e45608120d31289 (v4.3.0-rc1)
-CVE-2022-2988
-	RESERVED
+CVE-2022-2988 (A CWE-787: Out-of-bounds Write vulnerability exists that could cause s ...)
+	TODO: check
 CVE-2022-2987 (The Ldap WP Login / Active Directory Integration WordPress plugin befo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2986 (Enabling and disabling installed H5P libraries did not include the nec ...)
@@ -44556,6 +44636,7 @@ CVE-2022-36229
 CVE-2022-36228
 	RESERVED
 CVE-2022-36227 (In libarchive before 3.6.2, the software does not check for an error a ...)
+	{DLA-3294-1}
 	- libarchive 3.6.2-1 (bug #1024669)
 	[bullseye] - libarchive <no-dsa> (Minor issue)
 	NOTE: https://github.com/libarchive/libarchive/issues/1754
@@ -71345,8 +71426,8 @@ CVE-2022-26875
 	RESERVED
 CVE-2022-26873 (A potential attacker can execute an arbitrary code at the time of the  ...)
 	NOT-FOR-US: AMI
-CVE-2022-26872
-	RESERVED
+CVE-2022-26872 (AMI Megarac Password reset interception via API ...)
+	TODO: check
 CVE-2022-26871 (An arbitrary file upload vulnerability in Trend Micro Apex Central cou ...)
 	NOT-FOR-US: Trend Micro
 CVE-2022-26870 (Dell PowerStore versions 2.1.0.x contain an Authentication bypass vuln ...)
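Review bot: CVE-2022-26872 (AMI MegaRAC password reset interception via API) should follow the neighbouring CVE-2022-26873, which is already marked "NOT-FOR-US: AMI"; MegaRAC is BMC firmware with no Debian source package, so the "TODO: check" can be resolved to the same annotation.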
@@ -82545,8 +82626,8 @@ CVE-2022-23336 (S-CMS v5.0 was discovered to contain a SQL injection vulnerabili
 	NOT-FOR-US: S-CMS
 CVE-2022-23335 (Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability ...)
 	NOT-FOR-US: Metinfo
-CVE-2022-23334
-	RESERVED
+CVE-2022-23334 (The Robot application in Ip-label Newtest before v8.5R0 was discovered ...)
+	TODO: check
 CVE-2022-23333
 	RESERVED
 CVE-2022-23332 (Command injection vulnerability in Manual Ping Form (Web UI) in Shenzh ...)
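Review bot: the description of CVE-2022-23334 is cut off before the vulnerability class, so the line identifies only the product (the Robot application in Ip-label Newtest before v8.5R0). Like the S-CMS and Metinfo entries around it, this is third-party software, and the "TODO: check" is expected to resolve to a NOT-FOR-US annotation once the full description has been read.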
@@ -183095,6 +183176,7 @@ CVE-2020-22671
 CVE-2020-22670
 	RESERVED
 CVE-2020-22669 (Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a  ...)
+	{DLA-3293-1}
 	- modsecurity-crs 3.3.2-1
 	[bullseye] - modsecurity-crs <no-dsa> (Minor issue)
 	NOTE: https://github.com/coreruleset/coreruleset/pull/1793
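Review bot: the CVE-2020-22669 description scopes the PL1 bypass to owasp-modsecurity-crs 3.2.0, and the fix in unstable is 3.3.2-1; before {DLA-3293-1} is credited here, confirm that the modsecurity-crs version shipped in buster actually contained the affected rule, in the same way CVE-2019-13464 marks jessie as <not-affected> with "incorrect rule does not exist". The NOTE pointing at coreruleset pull request 1793 is where that check is easiest to make, since it shows which rule changed.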
@@ -259662,6 +259744,7 @@ CVE-2019-13465 (An issue was discovered in the ROS communications-related packag
 	NOTE: https://github.com/ros/ros_comm/issues/1752
 	NOTE: https://github.com/ros/ros_comm/pull/1763
 CVE-2019-13464 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2 ...)
+	{DLA-3293-1}
 	- modsecurity-crs 3.2.0-1 (low; bug #943773)
 	[stretch] - modsecurity-crs <no-dsa> (Minor issue)
 	[jessie] - modsecurity-crs <not-affected> (incorrect rule does not exist)
@@ -306523,6 +306606,7 @@ CVE-2018-16386 (An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A
 CVE-2018-16385 (ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index ...)
 	NOT-FOR-US: ThinkPHP
 CVE-2018-16384 (A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Co ...)
+	{DLA-3293-1}
 	- modsecurity-crs 3.2.0-1 (low; bug #924352)
 	[stretch] - modsecurity-crs <no-dsa> (Minor issue)
 	[jessie] - modsecurity-crs <no-dsa> (Minor issue)
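Review bot: CVE-2018-16384, the PL1 SQL injection bypass, and CVE-2019-13464 both keep their "[stretch] - modsecurity-crs <no-dsa> (Minor issue)" lines while now receiving a buster DLA reference; that is acceptable when an LTS upload batches several low-severity CRS rule bypasses into one update, and the stretch and jessie lines need no change since both releases are out of LTS support. What the hunk does not show is the fixed buster version, so the DLA-3293-1 text should be checked to confirm it lists CVE-2018-16384 explicitly and not only the 2022 CRS issues, otherwise the reference here is a mis-credit.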



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9229fd155d865ae2a2d840aa9478973d327661b2




